McAfee Recognized as Leader in Gartner Magic Quadrant for Security Information and Event Management for Seventh Consecutive Year

McAfee, one of the world’s leading cybersecurity companies, on December 07, 2017, announced that for the seventh consecutive year*, Gartner, Inc. has named the company a Leader in the “Gartner Magic Quadrant for Security Information and Event Management.”

“We are proud to once again be recognized by Gartner and believe it marks our exceptional performance in enabling effective cybersecurity operations,” said Raja Patel, vice president and general manager of corporate products at McAfee. “Investing in solutions for the security operations center (SOC) is a key part of McAfee’s strategy offering customers the most advanced and robust control points of a modern cybersecurity architecture—endpoint and cloud—with actionable threat intelligence, analytics, and orchestration enabled by an open ecosystem.”

According to Gartner, “the SIEM Leaders quadrant is composed of vendors that provide products that are a strong functional match to general market requirements, have been the most successful in building an installed base and revenue stream within the SIEM market, and have a relatively high viability rating (due to SIEM revenue or SIEM revenue in combination with revenue from other sources). In addition to providing technology that is a good match to current customer requirements, Leaders also show evidence of superior vision and execution for emerging and anticipated requirements. They typically have relatively high market share and/or strong revenue growth, and have demonstrated positive customer feedback for effective SIEM capabilities and related service and support.”

Today, many SOC teams find they don’t have the staff and expertise to keep up with the growing number of threats that need to be triaged. McAfee research found that one-quarter of alerts go under-investigated, which results in moderate or severe harm to the business. Organizations often look to augment their staffing to fill the gap in alert coverage, only to find themselves thwarted by a gap in available expertise.

McAfee believes that organizations must instead look to close this gap through human-machine teaming in the SOC, enabling analysts to quickly and confidently turn actionable data into insights, make decisions and take action. To better assist organizations with managing the deluge of data in the SOC, McAfee tools collect, prioritize and visualize data. Open interfaces connect the SOC to IT, endpoint, and network operational teams, ensuring analysts have the visibility needed to solve problems quickly through analytics and monitoring.

To improve analyst expertise, McAfee provides them with off-the-shelf recommendations, such as priority alerts, watchlists and likely hypotheses that serve as a starting point without limiting analyst options. Recommendations guide analysts to consider more facets of each incident, educating them in the moment with the knowledge of experts. Integrated threat intelligence, machine learning, and artificial intelligence (AI) techniques further evolve to handle changing threat patterns, data, and best practices.

To improve its ability to deliver these benefits in 2018 and beyond, McAfee has updated McAfee Enterprise Security Manager with additional risk monitoring and auditing tools and introduced a completely new analytics service, McAfee Investigator. Investigator is a cloud-based solution that helps triage alerts from SIEM, endpoint, and other data sources. It utilizes both machine learning and AI to increase accuracy and confidence of investigations – empowering security analysts of varied experience to fully assess threats and root cause more quickly.

Additionally, McAfee will be offering new behavior analysis capabilities in Q1 2018 as part of its security operations portfolio. McAfee’s behavioral analytics solution will apply advanced analytics techniques to identify users or entities that are exhibiting risky or suspicious behavior for use cases such as account misuse, compromised accounts, data staging/theft, infected hosts, internal recon, and lateral movement.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.